<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="zh-cn" xml:lang="zh-cn">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="Ransomware Detection for OpenStack Cloud Server Copies">
<meta name="product" content="">
<meta name="DC.Relation" scheme="URI" content="ransome16_001.html">
<meta name="prodname" content="">
<meta name="version" content="">
<meta name="brand" content="">
<meta name="DC.Publisher" content="20250306">
<meta name="prodname" content="csbs">
<meta name="documenttype" content="usermanual">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="ransome16_009">
<meta name="DC.Language" content="zh-cn">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>Ransomware Detection for OpenStack Cloud Server Copies</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="ransome16_009"></a><a name="ransome16_009"></a>

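<h1 class="topictitle1">Ransomware Detection for OpenStack Cloud Server Copies</h1>
<div><p>This section describes how to perform ransomware detection on copies of OpenStack cloud servers.</p>
<div class="section"><h4 class="sectiontitle">Prerequisites</h4><p id="ransome16_009__zh-cn_topic_0000001607859818_p48791656152012">An anti-ransomware policy has been created for the resource.</p>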
</div>
<div class="section"><h4 class="sectiontitle">Precautions</h4><ul id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_ul448021115266"><li id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_li14483114103711">The supported operating system types are Linux and Windows.</li><li id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_li1948051110265">For detection, the supported <span style="color:#282B33;">Linux file system types are ext2/3/4 and XFS</span>. For detection, the supported <span style="color:#282B33;">Windows file system types are NTFS, FAT, and FAT32</span>.</li><li id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_li0743654102718"><span style="color:#282B33;">Detection is not supported for encrypted volumes</span>.</li><li id="ransome16_009__ransome_0014_li1866615545919">If the storage device was fast-upgraded from version 1.2.0, upgrade the kernel version of the storage device to the current version of the storage device by referring to the <a href="https://support.huawei.com/enterprise/zh/flash-storage/oceanprotect-x8000-pid-251807257?category=installation-upgrade&amp;subcategory=upgrade-guide" target="_blank" rel="noopener noreferrer">OceanProtect Backup Storage X.X.X Upgrade Guide</a>, where “X.X.X” is the product version.</li></ul>
</div>
<div class="section"><h4 class="sectiontitle">Performing Detection</h4><p>In addition to the detection of copies scheduled by an anti-ransomware policy, you can also manually run detection on all copies of a single resource. The procedure for manual detection is as follows.</p>
<ol><li><span>Choose “Data Security &gt; Anti-Ransomware &gt; Detection Overview”.</span></li><li id="ransome16_009__li95138547415"><span>On the <span class="uicontrol" id="ransome16_009__uicontrol9497624521">“Detection Overview”</span> page, click <span class="uicontrol" id="ransome16_009__uicontrol17123174616227">“Select a resource type”</span> and select <span class="uicontrol" id="ransome16_009__uicontrol11974144310517">“OpenStack Cloud Server”</span>.</span></li><li><span>In the row of the resource on which you want to run manual detection, click <span class="menucascade" id="ransome16_009__ransome_0014_menucascade20215830192810">“<span class="uicontrol" id="ransome16_009__ransome_0014_uicontrol1521573016281"><span id="ransome16_009__ransome_0014_text17613115182818">More</span></span> &gt; <span class="uicontrol" id="ransome16_009__ransome_0014_uicontrol7517173272811"><span id="ransome16_009__ransome_0014_text345103202915">Manual Detection</span></span>”</span>.</span><p><div class="p" id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_p18295134812142">In the window that is displayed, select the copies to be detected and click <span class="uicontrol" id="ransome16_009__ransome_0014_uicontrol9104113618261">“OK”</span>.<div class="note" id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_note72063315202"><img src="public_sys-resources/note_3.0-zh-cn.png"><span class="notetitle"> </span><div class="notebody"><p id="ransome16_009__ransome_0014_zh-cn_topic_0000001263616354_p420613182014">Alternatively, in the row of the resource on which you want to run manual detection, click the number of copies. In the window that is displayed on the right, click <span class="menucascade" id="ransome16_009__ransome_0014_menucascade1540072615307">“<span class="uicontrol" id="ransome16_009__ransome_0014_uicontrol164004269308"><span id="ransome16_009__ransome_0014_text17400112615308">More</span></span> &gt; <span class="uicontrol" id="ransome16_009__ransome_0014_uicontrol17400162612305"><span id="ransome16_009__ransome_0014_text1440012263306">Manual Detection</span></span>”</span> on the right of a copy to be detected.</p>
</div></div>
</div>
</p></li></ol>
</div>
<div class="section"><h4 class="sectiontitle">Viewing the Detection Report</h4><ol><li><span>Choose “Data Security &gt; Anti-Ransomware &gt; Detection Overview”.</span></li><li><span>On the <span class="uicontrol" id="ransome16_009__ransome16_009_uicontrol9497624521">“Detection Overview”</span> page, click <span class="uicontrol" id="ransome16_009__ransome16_009_uicontrol17123174616227">“Select a resource type”</span> and select <span class="uicontrol" id="ransome16_009__ransome16_009_uicontrol11974144310517">“OpenStack Cloud Server”</span>.</span></li><li><span>In the row of the resource whose detection report you want to view, click the number of copies.</span></li><li><span>In the window that is displayed, click <span class="menucascade" id="ransome16_009__ransome16_002_menucascade18775161315392">“<span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol777531314392"><span id="ransome16_009__ransome16_002_text124791531103915">More</span> &gt; <span id="ransome16_009__ransome16_002_text1938810487392">Detection Report</span></span>”</span> on the right of a copy. The detection report shows the detection details and the list of suspicious files.</span></li><li><span>(Optional) Handle false positives.</span><p><p id="ransome16_009__ransome16_002_zh-cn_topic_0000001263616354_p663985722615">If you find that an uninfected copy has been detected as <span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol4131163815202">“<span id="ransome16_009__ransome16_002_text826814112116">Infected</span>”</span>, use the suspicious file list in the detection report to check whether file information, such as the file owner, has changed. If nothing has changed, the file was falsely reported, and you can use false positive handling to correct the ransomware detection status of the copy.</p>
<ol type="a" id="ransome16_009__ransome16_002_zh-cn_topic_0000001263616354_ol1757712526272"><li id="ransome16_009__ransome16_002_zh-cn_topic_0000001263616354_li10577165219278">In the <span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol18766121722211">“<span id="ransome16_009__ransome16_002_text18371653132210">Operation</span>”</span> column on the right of the row of the resource for which you want to handle the false positive, click <span class="menucascade" id="ransome16_009__ransome16_002_menucascade8158446102312">“<span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol18158546192314"><span id="ransome16_009__ransome16_002_text1678038122412">More</span> &gt; <span id="ransome16_009__ransome16_002_text103422792518">Handle False Positive</span></span>”</span>.</li><li id="ransome16_009__ransome16_002_zh-cn_topic_0000001263616354_li19091545153613">In the dialog box that is displayed, confirm that the information is correct and click <span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol7671597255">“<span id="ransome16_009__ransome16_002_text0915171610261">OK</span>”</span>. The system changes the copy that was falsely detected as <span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol14914111916279">“<span id="ransome16_009__ransome16_002_text694144118271">Infected</span>”</span> to the <span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol1430110526281">“<span id="ransome16_009__ransome16_002_text1484062212298">Uninfected</span>”</span> state.</li></ol>
<div class="note" id="ransome16_009__ransome16_002_zh-cn_topic_0000001263616354_note8907111033116"><img src="public_sys-resources/note_3.0-zh-cn.png"><span class="notetitle"> </span><div class="notebody"><p id="ransome16_009__ransome16_002_zh-cn_topic_0000001263616354_p190741093120">False positive handling is supported only for copies whose ransomware detection status is <span class="uicontrol" id="ransome16_009__ransome16_002_uicontrol15500161213308">“<span id="ransome16_009__ransome16_002_text1011033017304">Infected</span>”</span>.</p>
</div></div>
</p></li></ol>
</div>
</div>
<div>
<div class="familylinks">
<div class="parentlink"><strong>Parent topic:</strong> <a href="ransome16_001.html">Performing Anti-Ransomware for Copies (Applicable to 1.6.0 and Later Versions)</a></div>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>